All Examples This Package
Class examples.security.rdbmsrealm.RdbmsRealm
java.lang.Object
|
+----examples.security.rdbmsrealm.RdbmsRealm
- public class RdbmsRealm
- extends Object
- implements ListableRealm, CacheableRealm
Implements a realm that uses data stored in a relational database.
The data is pulled into memory as needed and cached. The realm is
read-only but can be administered through the database.
The realm is configurable through a Java Properties resource
named weblogic.realm_properties.
Here is a description of its properties:
- (Required) The database driver, dbURL,
dbUser, and dbPassword to specify the JDBC connection
- (Required) Values for getUser, getGroupMembers, and getAclEntries
to specify JDBC PreparedStatements that take a single parameter for
the name
- (Required) Values for getUsers, getGroups, getPermissions,
and getAcls to specify parameterless JDBC
PreparedStatements that help implement the ListableRealm
functions. Note that the selected columns for the pairs of
PreparedStatements getUser/getUsers, getGroupMembers/getGroups, and
getAclEntries/getAcls must match so that the same function can
be used to convert JDBC ResultSets to the realm's users, groups,
and ACLs. Furthermore, the results for getGroups and getAcls need
to be ordered by the name column for the same reason.
The implementation calls factory functions for users, groups,
and ACLs so that subclasses can override these. The factory
functions at this level assume a certain number and order of the
columns in the ResultSet:
- For a user, the user's name and password
- For a group, the group's name and a member name
- For an ACL, the ACL's name, the name of a group or user, and the
name of a permission.
The implementation of newRdbmsAcl at this level also requires that
the ResultSet enumerate ACL entries of the same name ordered by
Principal name.
RdbmsUser implements CacheableRealm and uses the caching realm
for internal calls to the BasicRealm API. Initially, the caching
realm is the instance itself, which works. A caching realm will
delegate to this realm when a call to the cache is unfulfilled.
RdbmsRealm can also be used to define the tables and/or populate
the database. The special prefix fromScratch. in a realm
name indicates that the real realm name is the remaining string,
and that SQL from a Data Definition resource, composed from the
real realm name with suffix .realm_ddl, should be executed.
You can run the RdbmsRealm in test mode to see a listing of
users, groups, ACLs, and permissions for the realm by changing
the static boolean "unitTest" to true and recompiling.
Scripts are provided in this directory that compile the Java
files, copy the appropriate resources into WebLogic's CLASSPATH,
and create the appropriate tables in an RDBMS. Edit
weblogic.realm_properties for your DBMS.
The scripts are designed to be run from the current directory
(examples/security/rdbmsrealm/). See the DefaultRealmExtender
examples for more details on using RdbmsRealm
as a replacement for the WebLogic default realm.
- Author:
- Copyright (c) 1998-1999 by BEA Systems. All Rights Reserved.
-
aclOwner
-
-
cache
-
-
conn
-
-
DB_PASSWORD
-
-
DB_URL
-
-
DB_USER
-
-
DRIVER
-
-
GET_ACL_ENTRIES
-
-
GET_ACLS
-
-
GET_GROUP_MEMBERS
-
-
GET_GROUPS
-
-
GET_PERMISSIONS
-
-
GET_USER
-
-
GET_USERS
-
-
getAclEntriesStmt
-
-
getAclsStmt
-
-
getGroupMembersStmt
-
-
getGroupsStmt
-
-
getPermissionsStmt
-
-
getUsersStmt
-
-
getUserStmt
-
-
name
-
-
SPECIAL_PREFIX
-
-
RdbmsRealm()
-
-
getAcl(String)
- Gets the access control list by the specified name.
-
getAcl(String, char)
- Gets the access control list by the specified name,
with an ACL name delimiter other than the default
(dot, ".").
-
getAclOwner(Object)
- Returns null.
-
getAcls()
- Returns an Enumeration of the groups in a particular realm.
-
getCache()
- Returns the cache of a BasicRealm.
-
getGroup(String)
- Gets a Group for the specified name.
-
getGroups()
- Returns an Enumeration of the groups in a listable realm.
-
getName()
-
-
getPermission(String)
- Gets a Permission that matches the specified name.
-
getPermissions()
- Returns an Enumeration of the permissions for a realm.
-
getPrincipal(String)
- Resolves a name to a User or Group while giving the cache a try.
-
getUser(String)
-
-
getUser(UserInfo)
- Gets a User that matches the specified user info.
-
getUsers()
- Returns an Enumeration of the users in a particular realm.
-
init(String, Object)
-
-
load(String, Object)
- Does nothing.
-
main(String[])
-
-
newRdbmsAcl(ResultSet, Notifiable)
-
Converts the ResultSet into a Group.
-
newRdbmsGroup(ResultSet, Notifiable)
-
Converts the ResultSet into a Group.
-
newRdbmsUser(ResultSet)
-
Converts the ResultSet into a User.
-
save(String)
-
Does nothing.
-
setCache(BasicRealm)
- Sets the cache for the specified BasicRealm.
DRIVER
public static final String DRIVER
DB_URL
public static final String DB_URL
DB_USER
public static final String DB_USER
DB_PASSWORD
public static final String DB_PASSWORD
GET_USER
public static final String GET_USER
GET_GROUP_MEMBERS
public static final String GET_GROUP_MEMBERS
GET_ACL_ENTRIES
public static final String GET_ACL_ENTRIES
GET_USERS
public static final String GET_USERS
GET_GROUPS
public static final String GET_GROUPS
GET_PERMISSIONS
public static final String GET_PERMISSIONS
GET_ACLS
public static final String GET_ACLS
SPECIAL_PREFIX
public static final String SPECIAL_PREFIX
conn
protected Connection conn
getUserStmt
protected PreparedStatement getUserStmt
getGroupMembersStmt
protected PreparedStatement getGroupMembersStmt
getAclEntriesStmt
protected PreparedStatement getAclEntriesStmt
getUsersStmt
protected PreparedStatement getUsersStmt
getGroupsStmt
protected PreparedStatement getGroupsStmt
getAclsStmt
protected PreparedStatement getAclsStmt
getPermissionsStmt
protected PreparedStatement getPermissionsStmt
name
protected String name
cache
protected BasicRealm cache
aclOwner
protected Principal aclOwner
RdbmsRealm
public RdbmsRealm()
main
public static void main(String argv[]) throws Exception
init
public void init(String name,
Object ignoredCredential) throws NotOwnerException
getName
public String getName()
getUser
public User getUser(String name)
getUser
public User getUser(UserInfo userInfo)
- Gets a User that matches the specified user info.
getAclOwner
public Principal getAclOwner(Object credential)
- Returns null. This way ACLs cannot be manipulated outside of the
database.
getGroup
public Group getGroup(String name)
- Gets a Group for the specified name.
getAcl
public Acl getAcl(String name)
- Gets the access control list by the specified name.
getAcl
public Acl getAcl(String name,
char separator)
- Gets the access control list by the specified name,
with an ACL name delimiter other than the default
(dot, ".").
getPermission
public Permission getPermission(String name)
- Gets a Permission that matches the specified name.
load
public void load(String name,
Object credential) throws ClassNotFoundException, IOException, NotOwnerException
- Does nothing. This realm is not loaded and saved but implements
its functions based on a persistently stored state.
save
public void save(String name) throws IOException
- Does nothing. This realm is not loaded and saved but implements
its functions based on a persistently stored state.
newRdbmsUser
protected User newRdbmsUser(ResultSet rs) throws SQLException
- Converts the ResultSet into a User. Subclasses override this to
work with other PreparedStatements and/or to returns different
User implementations.
getPrincipal
protected Principal getPrincipal(String name)
- Resolves a name to a User or Group while giving the cache a try.
newRdbmsGroup
protected Group newRdbmsGroup(ResultSet rs,
Notifiable n) throws SQLException
- Converts the ResultSet into a Group. Subclasses override this to
work with other PreparedStatements and/or to returns different
Group implementations.
newRdbmsAcl
protected Acl newRdbmsAcl(ResultSet rs,
Notifiable n) throws SQLException
- Converts the ResultSet into a Group. Subclasses override this to
work with other PreparedStatements and/or to returns different
Group implementations.
At this level the implementation requires all Principal names
to appear together.
getUsers
public Enumeration getUsers()
- Returns an Enumeration of the users in a particular realm.
getGroups
public Enumeration getGroups()
- Returns an Enumeration of the groups in a listable realm.
getAcls
public Enumeration getAcls()
- Returns an Enumeration of the groups in a particular realm.
getPermissions
public Enumeration getPermissions()
- Returns an Enumeration of the permissions for a realm.
getCache
public BasicRealm getCache()
- Returns the cache of a BasicRealm.
setCache
public void setCache(BasicRealm r)
- Sets the cache for the specified BasicRealm.
All Examples This Package